Protecting privileged user credentials with integrated MFA

Nov 30, 2017 | by Tony Karam

Privileged user credentials provide nearly unrestricted access to IT systems and services. That level of access enables these users to do their jobs – and, unfortunately, puts their credentials at risk for theft and misuse. After all, what cyber attacker wouldn’t want to get their hands on the credentials that provide access to many of the organization’s most critical resources? To help reduce that risk, many organizations today are turning to privileged access management (PAM) solutions. While these solutions can be great for monitoring privileged users’ activity and managing their passwords, it is not enough to protect the organization from a breach. For that, you need a more comprehensive set of capabilities incorporating modern multi-factor authentication (MFA) and centralized identity governance.

MFA Reduces the Risk of Privileged Credentials AbuseThinking about what may happen if a privileged user’s passwords should fall into the wrong hands is enough to keep any identity and access team up at night. Once an intruder has those “keys to the kingdom,” the next step could be disabling controls, stealing private data, committing fraud—even taking over the entire IT infrastructure. Restricting privileged access and locking down credentials are critical steps in preventing catastrophe. But what happens when someone presents with the right credentials, but isn’t really who they’re claiming to be?

As cyber attackers keep coming up with more sophisticated ways to hijack privileged user credentials, it becomes increasingly important to integrate modern multi-factor authentication methods with privileged access management capabilities. That way, if someone attempts to access a resource or application as a privileged user, they can be challenged with additional authentication methods to verify they are, in fact, who they say they are.

Centralized Identity Governance Provides Tight ControlWhen you incorporate centralized identity governance and lifecycle capabilities into a solution for privileged user management, you enable a unified view of privileged user access that’s driven by policy-based identity management for those users and their applications. Centralized governance helps ensure privileged access is exercised appropriately and in compliance with an organization’s security practices, while automated lifecycle management makes it easier to manage privileges accurately throughout their lifecycle, from the time a privileged user is granted access upon assuming a role within the organization to the time privileges are modified or revoked because the user changes roles or leaves the company altogether.

Collaborations like this one are part of a larger RSA initiative to eliminate identity risk by transforming secure access to be pervasive, connected and continuous. To learn more, read the latest news about RSA’s expanding technology ecosystem.